matiex | 2d989a1638a922a23b2b0efe882765501c18745bdee68fadee45f835b1772337 | Triage

Submit
Reports

Overview

overview

Static

static

Payment.exe

windows7_x64

Payment.exe

windows10-2004_x64

Sharing

General

Target

2d989a1638a922a23b2b0efe882765501c18745bdee68fadee45f835b1772337
Size

686KB
Sample

220420-czx4rahea4
MD5

f6fc2bfd35390eb8f4a0283736ab4c84
SHA1

ea01609b9d2880306b6fe88d1ac0d2c91a17f7c3
SHA256

2d989a1638a922a23b2b0efe882765501c18745bdee68fadee45f835b1772337
SHA512

ab086cf364dbab3d37041c2974906e5ca15f1906ec0e77adf7644fa4bb2c8fe7051e65d6181493f0496c2f228e0b5d7caa9984b645f8be8498bd06894af2a76b

Score

10^/10

matiex collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Payment.exe

Resource

win7-20220414-en

matiex collection keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment.exe

Resource

win10v2004-20220414-en

matiex collection keylogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
ebop.website
Port:
587
Username:
[email protected]
Password:
P@ssw0rdP@ssw0rd

Targets

- Target
  
  Payment.exe
- Size
  
  741KB
- MD5
  
  af90c71820ae43a15bc7e9b19a5756b5
- SHA1
  
  14c10d4943fbd06fa014a28e457f7c3559c276ae
- SHA256
  
  c578f89d2e9d40571b7abb4839a07f019dcc3bfc37705ee8d9cccfe306432463
- SHA512
  
  9d58b08e2cffc7992cb0347a6ebc7969c7cb6d84b5f949ee25028c250f52cf0f9d2085739fed22081ca551e666277d35b87f170db17aea65b3388c5d0b46f7f5
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerspywarestealer

behavioral2

matiexcollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy